For the love of god would some of you smart people please apply, https://grnh.se/5a948d792us getting some really poor candidates to wade through and surprised there isn't better given how many layoffs have occurred recently.

Hello people! Just a gentle reminder that the #TROOOERS25 CfP and CfT are open and that the early bird tickets will end on 31st of January. Hope you all had a great start into the year. See you in June!

Investigating an "evil" RJ45 dongle: https://lcamtuf.substack.com/p/investigating-an-evil-rj45-dongle

Another NEWAG train just stopped and a regional Polish operator is looking for someone to fix it. 😅
(news item is in Polish)
It also says the train is currently undergoing a routine servicing which makes it sound like this happened while at a competitor's workshop... again.

https://kolejowyportal.pl/opolski-impuls-ma-problem-z-uruchomieniem/
#38C3

Tonight, we'll explore the WAD file format, the minimalist and elegant archive file format used in Doom, many FPS games, but also other unrelated softwares!

AppSec Ezine - 570th https://pathonproject.com/zb/?59977c56bec8b958#e+wiAye2wuHVod3B89PrMI2UXgL0uNxqrn6WsHmxucE= #AppSec #Security

Project: python/cpython https://github.com/python/cpython
File: Lib/compileall.py:132 https://github.com/python/cpython/blob/2bd5a7ab0f4a1f65ab8043001bd6e8416c5079bd/Lib/compileall.py#L132

def compile_file(fullname, ddir=None, force=False, rx=None, quiet=0, legacy=False, optimize=-1, invalidation_mode=None, *, stripdir=None, prependdir=None, limit_sl_dest=None, hardlink_dupes=False):

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fpython%2Fcpython%2Fblob%2F2bd5a7ab0f4a1f65ab8043001bd6e8416c5079bd%2FLib%2Fcompileall.py%23L132&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fpython%2Fcpython%2Fblob%2F2bd5a7ab0f4a1f65ab8043001bd6e8416c5079bd%2FLib%2Fcompileall.py%23L132&colors=light

https://courk.cc/rp2350-challenge-laser

@ekuber Wow, this would've made the exercise almost too easy! :D I wanted to make a comment about E207 but I see you already fixed that one too. My trust in the Rust community just increased a lot (not that I had any bad experiences so far)!

CISA: Closing the Software Understanding Gap
CISA, along with the Defense Advanced Research Projects Agency (DARPA), the Office of the Under Secretary of Defense for Research and Engineering (OUSD R&E), and the National Security Agency (NSA) published Closing the Software Understanding Gap (PDF) which urges the U.S. government to take decisive and coordinated action to close the software understanding gap. This gap arises from a disparity of technical investment where software production has outstripped investment in improving understanding for decades. By closing the software understanding gap, the United States will help mission owners and operators trust the system is functional, safe, and secure, and support confidence in national security and critical infrastructure systems.

#securitybestpractice #cisa #securebydesign #infosec #cybersecurity

Microsoft Configuration Manager (ConfigMgr / SCCM) 2403 Unauthenticated SQL injections (CVE-2024-43468) https://www.synacktiv.com/advisories/microsoft-configuration-manager-configmgr-2403-unauthenticated-sql-injections

@ekuber you are awesome, thank you! I'm sure your ticket will also help me better understand the situation.

New: this OnlyFans model publishes her machine learning explainers to both YouTube and Pornhub. Although YouTube may get a million views, that'll generate around $300. The same content posted to Pornhub, with ~30k views, makes $1000. We spoke to her https://www.404media.co/why-this-onlyfans-model-posts-machine-learning-explainers-to-pornhub/

@dey Win11 **makes** you know :D

@qwertyoruiop I'm no expert but IIRC sound engineers usually calculate with the expected listening medium too. For example there was an article about how commercial pop is mastered so it'll get into your head when played in malls, and they can probably also take into account that people will listen to a track from YT on a 3G connection.

Can any #Rust expert out there explain where is the syntax for this little challenge documented?

https://github.com/mainmatter/100-exercises-to-learn-rust/issues/245

(preferably with explanations about what the different lifetime annotations mean)

@qwertyoruiop Isn't that what people call lo-fi?

@raptor @obivan Oooh exciting!

@raptor @obivan I should read that post already...

"Proof of Concept that exploits CVE-2024-49138 in CLFS.sys"

https://github.com/MrAle98/CVE-2024-49138-POC

Note: I did *not* verify this but it's at least not an obvious fake. Be careful!

/via @obivan